<?php
include 'session.php';
require 'free.php';

mysql_connect('localhost', 'root');
mysql_select_db('dots');

$userID = $_SESSION['userID'];
if (empty($_GET['description']))
{
	$description = '';
}
else
{
	$description = $_GET['description'];
	$reg = '/[A-Za-z0-9_]{2,}/';
	if (!preg_match($reg, $description))
	{
		header('location:../requests.php');
		exit;
	}
}

if (empty($_GET['field']))
{
	$fieldID = '';
}
else
{
	$fieldID = $_GET['field'];
	$reg = '/[0-9]{1,2}/';
	if (!preg_match($reg, $fieldID))
	{
		header('location:../requests.php');
		exit;
	}
}

if (free($userID) != 1)
{
	header('location:../requests.php');
	exit;
}
$query = "INSERT INTO requests (autorID, fieldID, description) VALUES ($userID, $fieldID, '$description')";
$result = mysql_query($query);

header('location:../requests.php');
?>